Securing Early Software Development

In this talk, I will present a trusted advisor business model for smaller security firms, especially those with a handful of extremely strong contributors plus a larger staff. The model is novel and has been successfully adapted for a series of Seattle-area start-up firms plus one international hospitality brand. Benefits to the client firm, investors, and customers include improvements to product reliability, public relations, and frequency of emergency funding appeals. Benefits to the consultants are equally attractive: stable revenue, low-volume-high-skill work, high-volume-low-skill work, and a teachable system for converting technical expertise into recurring sales. By formalizing what is already often true, the trusted security advisor becomes a specific and profitable job description. I present the idea, the pitch, and then a fast-forward client onboarding process to help the audience seed their own inventive methods for selling security services to software developers.

Mr. Eller’s passion for computing began with early home machines and exploded in the vibrant bulletin board (BBS) days of the late 1980s. He grew up in the emerging network security community, learning from hackers across the globe. As an adult, he became a software engineer working on systems software, wireless routing protocols, graphics subsystems, small business management, criminal justice, cryptography, and compression. Through the DEFCON and BlackHat conference series, and his 16 annual Challenge parties, Caezar met and collaborated with some of the best minds of the last decade. His contributions to security include the first printable-character exploit encoding, the first public discussion of remedies for distributed denial of service, the (patented) first general-purpose fuzzer, a method for trust in decentralized networks (now mirrored by DNSSEC), plus several wireless networking inventions. Today, Riley is the Security Strategist for Leviathan Security Group, where he coaches start-up firms through maturing their secure software development lifecycle. As a trusted advisor to these small firms, Mr. Eller also helps to liaise with investors and major account clients.